You typically use auditing to perform the following activities:

- Enable accountability for actions. These include actions taken in a particular schema, table, or row, or affecting specific content.

- Deter users from inappropriate actions based on that accountability.

- Investigate suspicious activity. For example, if a user is deleting data from tables, then a security administrator might decide to audit all connections to the database and all successful and unsuccessful deletions of rows from all tables in the database.

- Notify an auditor of actions by an unauthorized user. For example, an unauthorized user could change or delete data, or a user has more privileges than expected, which can lead to reassessing user authorizations.

- Detect problems with an authorization or access control implementation. For example, you can create audit policies that you expect will never generate an audit record because the data is protected in other ways. However, if these policies do generate audit records, then you will know the other security controls are not properly implemented.

- Address auditing requirements for compliance. Regulations such as the following have common auditing-related requirements:
  - Sarbanes-Oxley Act
  - Health Insurance Portability and Accountability Act (HIPAA)
  - International Convergence of Capital Measurement and Capital Standards: a Revised Framework (Basel II)
  - Japan Privacy Law
  - European Union Directive on Privacy and Electronic Communications

- Monitor and gather data about specific database activities. For example, the database administrator can gather statistics about which tables are being updated, how many logical I/O operations are performed, or how many concurrent users connect at peak times.
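The following is an added example, not code from the Oracle documentation, showing how two of the activities above look as unified audit policies: the "investigate suspicious activity" case (audit all connections plus all successful and unsuccessful deletions) and the "detect problems with access control" case (a policy that should never fire). It assumes unified auditing is enabled (Oracle Database 12c or later), that the session creating the policies holds AUDIT_ADMIN and the session reading the trail holds AUDIT_VIEWER; the policy names, the table hr.payroll_rates and the user hr_app_owner are hypothetical.

```sql
-- Added example (not from the Oracle documentation page). Assumes unified
-- auditing is enabled and the session has the AUDIT_ADMIN role; the policy
-- names, the table HR.PAYROLL_RATES and the user HR_APP_OWNER are hypothetical.

-- 1. Investigate suspicious deletions: record every connection and every
--    DELETE on any table. AUDIT POLICY with no WHENEVER clause records both
--    successful and unsuccessful executions of the audited actions.
CREATE AUDIT POLICY conn_pol
  ACTIONS LOGON, LOGOFF;

CREATE AUDIT POLICY all_deletes_pol
  ACTIONS DELETE;

AUDIT POLICY conn_pol;
AUDIT POLICY all_deletes_pol;

-- 2. Detect a broken access control: only the application owner is meant to
--    read HR.PAYROLL_RATES, so this policy is expected to stay silent. Any
--    record it produces means another control (grants, views, etc.) is not
--    doing its job. EXCEPT keeps the legitimate user out of the trail.
CREATE AUDIT POLICY canary_payroll_pol
  ACTIONS SELECT ON hr.payroll_rates;

AUDIT POLICY canary_payroll_pol EXCEPT hr_app_owner;

-- 3. Review the trail (requires AUDIT_VIEWER). RETURN_CODE 0 is success;
--    a non-zero value is the ORA- error number of the failed statement.
--    UNIFIED_AUDIT_POLICIES holds a comma-separated list of policy names
--    in upper case, so match with LIKE rather than equality.
SELECT event_timestamp, dbusername, os_username, userhost,
       action_name, object_schema, object_name, return_code,
       unified_audit_policies, sql_text
  FROM unified_audit_trail
 WHERE unified_audit_policies LIKE '%ALL_DELETES_POL%'
    OR unified_audit_policies LIKE '%CANARY_PAYROLL_POL%'
    OR action_name IN ('LOGON', 'LOGOFF')
 ORDER BY event_timestamp DESC;
```

The canary policy is only useful if it is quiet under normal operation, which is why it is scoped with EXCEPT to the one principal that legitimately reads the table; a policy that fires routinely just adds noise. The review query keeps RETURN_CODE so that failed deletions (for example, ORA-01031 insufficient privileges) stand out from the successful ones, which is the distinction the "successful and unsuccessful" wording above is asking for.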